Tags conferences

Sandro Gauci, Enable Security

Killing bugs … one vulnerability report at a time

Executive summary (TL;DR): We tell the story behind the latest FreeSWITCH advisories and how it all came together one sleepless night in April 2021 so that we ended up with 4 vulnerabilities that needed reporting. And then, one more vulnerability found due to a bug in our own software, SIPVicious PRO. We explain how these flaws were discovered, reported, fixed and what we ultimately learned through this process. What is this about?…

One presentation at ClueCon and five security advisories for FreeSWITCH

The FreeSWITCH team has just published version v1.10.7, which fixes a number of security issues that we reported. If you use FreeSWITCH, please do upgrade to get these security updates. To learn about the background work that went into getting these security bugs squashed, follow Sandro’s talk called Killing bugs … one vulnerability report at a time. This will be presented at ClueCon on Thursday, October 28th. Here are the titles of each advisory and a very short summary:…

Sandro Gauci, Enable Security

ClueCon Weekly with Sandro Gauci, demonstration of SIP Digest Leak

Published on Oct 16, 2020

ClueCon weekly is a regular video by the people behind FreeSWITCH and SignalWire, hosted by the very friendly David Duffet. I had the pleasure of recording an interview and a presentation with David a few weeks back. If you would like a summary of what the video chat was about, scroll down to the points below. Otherwise, hope you enjoy the chat as much as I did! Summary: Here’s an outline of what went on:…

Sandro Gauci, Enable Security

RTC Security chat at Kamailio World Online with Daniel and Olle

It’s been a month already since the Kamailio World RTC security chat! The conversation included Daniel-Constantin Mierla and Olle E. Johansson from the Kamailio project and myself. Daniel is the lead developer of Kamailio and can be found at ASIPTO, while Olle is behind Edvina.net. If you don’t have time to watch the entire conversation, the following is my summary of this discussion: Introductions and discussions: After introductions from Daniel, I took the lead to briefly mention what we at Enable Security have been up to, including our work on SIPVicious PRO, our research on WebRTC security especially regarding the TURN server abuse vulnerability, our work on DoS in VoIP and WebRTC infrastructure and finally, research on how Kamailio may be (mis)configured to introduce vulnerabilities.…

Kamailio World Online SIP and VoIP Security Panel

On 2nd September, 14:00-14:30 Berlin time, the author of this post is joining Olle E. Johansson to chat at Kamailio World online about (guess what?) SIP and VoIP security, and recommendations on how working from home impacts security. I very much look forward to our discussions that will be streamed live on the Kamailio World YouTube channel! My arguments will likely be turned into an opinion piece later on, but they’ll likely steer towards the following thoughts:…

New Mascot and Tshirts!! and .. Kamailio World 2016 - 9 Years Of Friendly Scanning And Vicious SIP

Published on May 24, 2016

On the presentation: Last week I had the pleasure of presenting something new at Kamailio World 2016. Great community and excellent feedback! The presentation went through the following:

- How and why SIPVicious was originally written and published
- Those strange emails and phone calls asking for a special version ;-)
- RIPE’s 1.1.1.0/24 experiment and how it was interesting in terms of SIP security
- Sality pushing modified versions of SIPVicious
- Attackers making use of insecure Tandberg systems to install SIPVicious
- SVCrash - why it was published and how it worked
- Security updates from the VoIP and PBX industry
- Rewriting SIPVicious (various fails)
- What happened since then and what I’ve been using during VoIP pentests that involve SIP
- 2016, yet another rewrite on the way
- New features in this latest rewrite attempt and how they show some important security issues

Some parts were sped up due to the limited time that I had for my presentation, but I think the main points were delivered.…

AstriCon roundup and vendors adding security features

Published on Oct 29, 2010

So I’ve finally been to AstriCon and I noticed a greatly increased interest amongst the attendees with regards to security, fraud and “hacking”. The slides for my presentation titled “Just how vulnerable is your phone system” can be downloaded from this location. So what are the changes and additions from the software developer’s side?

- Asterisk 1.8 has been released touting TLS support for SIP and SRTP support too, plus a framework to make auditing easier
- 3CX have released a major security update with features to make it easier to set proper passwords
- I just received an email from Brekeke highlighting their security page on their wiki which was originally published on March 11, 2009

What accounts for these changes?…

BruCON Training: Module 4, Attacking Unified Communications

Published on Sep 7, 2010

The final module in the upcoming pentesting VoIP crashcourse is the most exciting one. In this section we look at VoIP systems as a whole. Unified communications is one of those words that have been hyped up to include everything, from chat to video phone calls and SMS. What we will look at in this section is how to go about breaking into the following during a penetration test:

- Web application security flaws in Asterisk-based PBX servers
- Attacking various services open in PBX servers, such as TFTP
- How once you’re on a PBX network, you can sometimes simply use your phone to spy on other phone calls
- How to make use of hardware taps
- Hardware phone features that can be abused
- Abuse of various exposed features in Cisco call manager accessible on the HTTP server

This module will help familiarize the attendees with the target servers and system.…

BruCON Training: Module 3, Attacking the media

Published on Sep 2, 2010

This is part of the BruCON VoIP security crash course training intro. For more information about the course and to secure a place, check out the BruCON website. We trust our phones with our sensitive data more than most other forms of communications. We may not trust sending our credit card number by email to the hotel. In the end we give it to them on the phone anyway, and it may not matter if the phone is a mobile phone or a VoIP phone.…

BruCON Training: Module 2, Attacking signaling protocols

Published on Sep 1, 2010

This is part of the BruCON VoIP security crash course training intro. For more information about the course and to secure a place, check out the BruCON website. Most VoIP systems perform signaling using a protocol separate from the media transfer protocol. Signaling protocols allow VoIP systems to register, authenticate, and initiate phone calls and tend to carry a lot of intelligence with them. In this part of the training, Joffrey and myself will talk you through the following different signaling protocols and attacks that apply to these protocols:…
